NSM - Security, Training and Incident Review

NSM Security: Privacy & Confidentiality Policy

 

Private Firm Status

NSM Security is a privately owned consulting firm. We are not a public agency and do not operate as a government contractor.

All client engagements are conducted under private contract. Work product, communications, investigative materials, and advisory reports are treated as confidential business records and are not subject to public records or open records laws.

 

Privacy Commitment

NSM Security respects the sensitive nature of information entrusted to us.

Information submitted through our website, email, phone, or messaging platforms (including LinkedIn, Facebook/Meta, or other third-party services) is used solely to:

  • Respond to inquiries
  • Provide requested services
  • Conduct legitimate business related to security consulting, investigations, incident review, and training

NSM Security does not sell, rent, or commercially distribute client or prospect information.

Information is disclosed only:

  • To the client
  • To the client’s designated legal counsel
  • When expressly authorized by the client
  • When required by lawful court order

All communications are treated as confidential business correspondence.

For privacy inquiries, contact:
robert@nsm-security.com

 

Confidentiality & Information Security

NSM Security routinely works with sensitive, regulated, and confidential information. Our handling practices are informed by the intent and core protections reflected in applicable laws and standards, including:

  • FERPA (educational records)
  • HIPAA (health information)
  • GLBA and related financial privacy regulations
  • Applicable state and federal data protection and records laws

Reference to these frameworks reflects professional handling standards and does not constitute a representation of regulatory compliance on behalf of any client.

 

Information Handling Standards

NSM Security adheres to the following principles:

  1. Information is collected only for legitimate business purposes.
  2. Access is limited to personnel with a direct operational need.
  3. Digital records are maintained on secured systems with appropriate access controls.
  4. Physical records are maintained in controlled environments.
  5. Client information is not sold, marketed, or shared for commercial purposes.
  6. Data is retained only as long as reasonably necessary for business, contractual, or legal purposes.
  7. Upon completion of services, records may be returned to the client or securely destroyed when appropriate and permitted.

NSM does not publish client names, engagement details, or case summaries.

 

Communications & Third-Party Platforms

Communications transmitted via email, web forms, or messaging services are treated as confidential business communications.

Clients should be aware that communications transmitted via third-party platforms (including social media or advertising platforms) may be subject to those platforms’ independent privacy and security practices.

 

Independence

NSM Security operates as an independent advisory firm. We do not sell equipment, provide staffing services, or accept compensation that creates vendor conflicts of interest.

Our structure preserves confidentiality, professional independence, and control of sensitive work product.

 

Professional Principle

Trust is a core professional asset.

Safeguarding client information is fundamental to effective security consulting, investigative review, and expert witness work.

Questions regarding confidentiality or information handling may be directed to:

Robert Nordby
robert@nsm-security.com